CVE-2025-1640 – This critical SQL injection vulnerability in Be... (How to Fix)

Q: What is the severity of CVE-2025-1640?

CVE-2025-1640 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in Benner ModernaNet allows attackers to execute arbitrary SQL commands through the /Home/JS_CarregaCombo endpoint. Affected systems running versions up to 1.1.0 are vulnerable to data theft, modification, or complete system compromise. The vulnerability can be exploited remotely without authentication.

📋 TL;DR

This critical SQL injection vulnerability in Benner ModernaNet allows attackers to execute arbitrary SQL commands through the /Home/JS_CarregaCombo endpoint. Affected systems running versions up to 1.1.0 are vulnerable to data theft, modification, or complete system compromise. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:

Benner ModernaNet

Versions: Up to version 1.1.0

Operating Systems: All platforms running ModernaNet

Default Config Vulnerable: ⚠️ Yes

Notes: All installations up to version 1.1.0 are vulnerable by default. The specific functionality involves the JS_CarregaCombo endpoint with SQL injection in parameters.

📦 What is this software?

Modernanet by Modernasistemas

View all CVEs affecting Modernanet →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, data destruction, privilege escalation, and potential remote code execution on the underlying server.

🟠

Likely Case

Unauthorized access to sensitive data including personal information, financial records, and system credentials stored in the database.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access, reducing exposure to external attackers.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with automated tools. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.1

Vendor Advisory: Not provided in CVE details

Restart Required: No

Instructions:

1. Backup your ModernaNet installation and database. 2. Download version 1.1.1 from the official vendor source. 3. Follow vendor upgrade instructions to apply the patch. 4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block SQL injection patterns targeting the /Home/JS_CarregaCombo endpoint

Input Validation Filter

all

Add server-side input validation to sanitize parameters passed to the vulnerable endpoint

🧯 If You Can't Patch

Implement network segmentation to restrict access to ModernaNet instances
Deploy a web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test the endpoint /Home/JS_CarregaCombo with SQL injection payloads in parameters like formName, additionalCondition, or elementToReturn

Check Version:

Check ModernaNet version through application interface or configuration files

Verify Fix Applied:

After patching, attempt SQL injection tests against the vulnerable endpoint to confirm it no longer executes malicious SQL

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in application logs
Multiple requests to /Home/JS_CarregaCombo with suspicious parameters
Database query errors containing SQL injection patterns

Network Indicators:

HTTP requests to /Home/JS_CarregaCombo containing SQL keywords (SELECT, UNION, INSERT, etc.)
Unusual database connection patterns from application servers

SIEM Query:

source="moderanet.log" AND (url="/Home/JS_CarregaCombo" AND (param="*SELECT*" OR param="*UNION*" OR param="*INSERT*" OR param="*DELETE*"))

📊 Metadata

CVE ID: CVE-2025-1640

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

EPSS Score: 0.18% exploit probability (40th percentile)

Published: February 25, 2025

Last Updated: February 28, 2025

🔗 References

https://github.com/yago3008/CVES Third Party Advisory
https://vuldb.com/?ctiid.296690 Permissions Required,VDB Entry
https://vuldb.com/?id.296690 Permissions Required,VDB Entry
https://vuldb.com/?submit.499115 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1640, you might also want to check these: